Balancing the Risks, Benefits, and Costs of Homeland Security


The cumulative increase in expenditures on U.S. domestic homeland security over the decade since 9/11 exceeds one trillion dollars. It is clearly time to examine these massive expenditures applying risk assessment and cost-benefit approaches that have been standard for decades. Thus far, officials do not seem to have done so and have engaged in various forms of probability neglect by focusing on worst case scenarios; adding, rather than multiplying, the probabilities; assessing relative, rather than absolute, risk; and inflating terrorist capacities and the importance of potential terrorist targets. We find that enhanced expenditures have been excessive. To be deemed cost-effective in analyses that substantially bias the consideration toward the opposite conclusion, the security measures would have to deter, prevent, foil, or protect each year against 1,667 otherwise successful attacks that each inflicted some $100 million in damage (more than four per day) or 167 attacks inflicting $1 billion in damage (nearly one every two days). This is in the range of destruction of what might have happened had the Times-Square bomber of 2010 been successful. Although there are emotional and political pressures on the terrorism issue, this does not relieve politicians and bureaucrats of the fundamental responsibility of informing the public of the limited risk that terrorism presents, of seeking to expend funds wisely, and of bearing in mind opportunity costs. Moreover, political concerns may be over-wrought: restrained reaction has often proved to be entirely acceptable politically. And avoiding overreaction is by far the most cost-effective counterterrorism measure.

download the pdf
Download the pdf

Suggested Citation

Mueller, John, and Mark G. Stewart. “Balancing the Risks, Benefits, and Costs of Homeland Security.” Homeland Security Affairs 7, Article 16 (August 2011).


In seeking to evaluate the effectiveness of the massive increases in homeland security expenditures since the terrorist attacks on the United States of September 11, 2001, the common and urgent query has been “are we safer?” This, however, is the wrong question. Of course we are “safer”— the posting of a single security guard at one building’s entrance enhances safety, however microscopically. The correct question is “are the gains in security worth the funds expended?” Or as this absolutely central question was posed shortly after 9/11 by risk analyst Howard Kunreuther, “How much should we be willing to pay for a small reduction in probabilities that are already extremely low?”1

Tallying the Costs — One Trillion Dollars and Counting

We have, in fact, paid — or been willing to pay — a lot. In the years immediately following the terrorist attacks of September 11, 2001 on Washington and New York, it was understandable that there was a tendency to fashion policy and to expend funds in haste and confusion, and maybe even hysteria, on homeland security. After all, intelligence was estimating at the time that there were as many as 5,000 al Qaeda operatives at large in the country,2 and as New York Mayor Rudy Giuliani reflected later, “Anybody, any one of these security experts, including myself, would have told you on September 11, 2001, we’re looking at dozens and dozens and multi-years of attacks like this.”3

The intelligence claims and the anxieties of Giuliani and other “security experts” have clearly proved, putting it mildly, to be unjustified. In the frantic interim, however, the United States government increased its expenditures for dealing with terrorism massively. As we approach the tenth anniversary of 9/11, federal expenditures on domestic homeland security have increased by some $360 billion over those in place in 2001. Moreover, federal national intelligence expenditures aimed at defeating terrorists at home and abroad have gone up by $110 billion, while state, local, and private sector expenditures have increased by two hundred billion more. And the vast majority of this increase, of course, has been driven by much heightened fears of terrorism, not by growing concerns about other hazards — as Veronique de Rugy has noted, by 2008 federal spending on counterterrorism had increased enormously while protection for such comparable risks as fraud and violent crime had not, to the point where homeland security expenditures had outpaced spending on all crime by $15 billion.4

Tallying all these expenditures and adding in opportunity costs — but leaving out the costs of the terrorism-related (or terrorism-determined) wars in Iraq and Afghanistan and quite a few other items that might be included — the increase in expenditures on domestic homeland security over the decade exceeds one trillion dollars. The details are in Table 1. This has not been enough to move the country into bankruptcy, Osama bin Laden’s stated goal after 9/11, but it clearly adds up to real money, even by Washington standards.5 Other countries like Britain, Canada, and Australia have also dramatically increased their expenditures.

Table 1. The Trillion Dollar Table
Enhanced Costs of Homeland Security since 9/11, in billions of 2010 dollars
Enhanced Direct Expenditures 2009 2001-11
  Federal homeland security expenditures 50 360
  Federal intelligence expenditures 15 110
  Local and state expenditures 10 110
  Private-sector spending 10 110
Total 85 690
Opportunity Costs    
  Terrorism risk insurance premiums 4 40
  Passenger delays caused by airport screening 10 100
  Increase in short-haul traffic fatalities for people avoiding airport delays 3 32
  Deadweight losses and losses in consumer welfare 30 245
Total 47 417

Relevant spending elements not included in the table

  • Terror-related wars in Iraq and Afghanistan
  • Costs of crime facilitated by focus of police and FBI on, or preoccupation with, terrorism
  • Costs resulting from hurricane Katrina that might have been mitigated if DHS had not been so preoccupied by terrorism
  • Additional Post Office expenditures to deal with the effects of 9/11 and the anthrax letters
  • Effects on tourism, property and stock market values, business location decisions, etc. though dead weight losses might capture some of these
  • In addition to the short-haul fatality effect included in the table, the increase in traffic fatalities in the U.S. of 2,300 lives to the end of 2003 due to the fear of flying and the inconvenience of extra passenger screening
  • Extra fuel cost to airlines because of the weight of hardened (heavier) cockpit doors
  • Free airline seats to Federal Air Marshals
  • Passenger delays and inconvenience cause by false positive identification on TSA’s no fly list.
  • Cutbacks to Medicare, Medicaid, education, social security, and other government services in an effort to reign in budget deficits caused by wars in Iraq and Afghanistan and mushrooming homeland security budgets
  • Note: For sources and full explanation for these numbers, see John Mueller and Mark G. Stewart, Terror, Security and Money: Balancing the Risks, Benefits, and Costs of Homeland Security (New York and Oxford, UK: Oxford University Press, forthcoming September 2011).

Evaluating the Expenditures

In this article we seek to apply conventional cost-benefit and risk analytic approaches to this massive increase in expenditure in an effort to provide an answer to Kureuther’s exceedingly apt question. These approaches have been recommended for many years by the United States Office of Management and Budget, and they are routinely used by such agencies as the Nuclear Regulatory Commission, the Environmental Protection Agency, and the Federal Aviation Administration, and in 2004 the 9/11 Commission specifically called on the government to apply them to assess the risks and cost-effectiveness of security measures put in place to deal with terrorism.6 However, it appears that this simply has not been done.

Upon taking office in 2005, Department of Homeland Security Secretary Michael Chertoff did strongly advocate a risk-based approach, insisting that the department “must base its work on priorities driven by risk.”7 Yet, a year later, when DHS expenditures had increased by some $135 billion beyond those already in place in 2001 and when the department had become the government’s largest non-military bureaucracy, one of its senior economists wistfully noted, “We really don’t know a whole lot about the overall costs and benefits of homeland security.”8

By 2007, RAND President James Thomson was contending that DHS leaders “manage by inbox” with the “dominant mode of DHS behavior being crisis management.” Most programs are implemented, he continued, “with little or no evaluation” of their performance or effectiveness, and the agency “receives little analytical advice on issues of policy, program, and budget.”9 And, after an exhaustive assessment, the Congressional Research Service concluded at the same time that DHS simply could not answer the “central question” about the “rate of return, as defined by quantifiable and empirical risk reductions” on its expenditure.10

The boilerplate emphasis on risk-informed decision making continued with the change of administrations after the 2008 elections, as Secretary Janet Napolitano insisted that

Development and implementation of a process and methodology to assess national risk is a fundamental and critical element of an overall risk management process, with the ultimate goal of improving the ability of decision makers to make rational judgments about tradeoffs between courses of action to manage homeland security risk.11

Such declarations notwithstanding, however, we have been able to find only one published reference to a numerical estimate of risk reduction after an extensive search of the agency’s reports and documents.12 Moreover, we have been able to find no reference whatever to the likelihood of a terrorist attack beyond rather vague references such as “high,” “imminent,” “dynamic,” “persistent,” and “emerging.”

Indeed, at times DHS has ignored specific calls by other government agencies to conduct risk assessments. In 2010, the Department began deploying full-body scanners at airports, a technology that will cost $1.2 billion per year. The Government Accountability Office specifically declared that conducting a cost-benefit analysis of this new technology to be “important.”13 As far as we can see, no such study was conducted. Or there was GAO’s request that DHS conduct a full cost/benefit analysis of the extremely costly process of scanning 100 percent of U.S.-bound containers. To do so would require the dedicated work of a few skilled analysts for a few months or possibly a year. Yet, DHS replied that, although it agreed that such a study would help to “frame the discussion and better inform Congress,” to actually carry it out “would place significant burdens on agency resources.”14

Clearly, DHS focuses all or almost all of its analyses on the contemplation of the consequences of a terrorist attack while substantially ignoring the equally important likelihood component of risk assessment as well as the key issue of risk reduction. In general, risk assessment seems to be simply a process of identifying a potential source of harm and then trying to do something about it without evaluating whether the new measures reduce risk sufficiently to justify their costs.

This conclusion was strongly supported by a 2010 report of the National Research Council of the National Academies of Sciences, Engineering, and Medicine. Requested by Congress to assess the activities of the Department of Homeland Security, a committee worked for nearly two years on the project and came up with some striking conclusions. Except for the analysis of natural disasters, the committee “did not find any DHS risk analysis capabilities and methods that are yet adequate for supporting DHS decision making,” and therefore “only low confidence should be placed in most of the risk analyses conducted by DHS.” Indeed, “little effective attention was paid to the features of the risk problem that are fundamental.” It also found an “absence of documentation of methods and processes” with the result that the committee sometimes had to infer details about DHS risk modeling. Indeed, “in a number of cases examined by the committee, it is not clear what problem is being addressed.” It also found “a pattern” of “trusting numbers that are highly uncertain.” And, concluded the committee rather glumly, “it is not yet clear that DHS is on a trajectory for development of methods and capability that is sufficient to ensure reliable risk analyses”: although it found that “there are people at DHS who are aware of these current limitations,” it “did not hear of efforts to remedy them.”15

Overall, it seems, security concerns that happen to rise to the top of the agenda are serviced without much in the way of full evaluation — security trumps economics, as one insider puts it — and such key issues as acceptable risk are rarely discussed while extravagant worst case scenario thinking dominates, and frequently savagely distorts, the discussion.

It is clearly time to examine massive homeland security expenditures in a careful and systematic way, applying the kind of analytic risk management approaches emphasizing cost-benefit analysis and determinations of acceptable and unacceptable risks that are routinely required of other governmental agencies and that have been standard coin for policy decision-making for decades throughout the world when determining regulations even in such highly charged and politicized decisions as those regarding where to situate nuclear power plants, how to dispose of toxic waste, and how to control pollution—decisions that engage the interests and passions of multiple groups.

Probability Neglect

A recent book by Gregory Treverton, a risk analyst at the RAND Corporation whose work we have found highly valuable at various points in this study, contains a curious reflection:

When I spoke about the terrorist threat, especially in the first years after 2001, I was often asked what people could do to protect their family and home. I usually responded by giving the analyst’s answer, what I labeled “the RAND answer.” Anyone’s probability of being killed by a terrorist today was essentially zero and would be tomorrow, barring a major discontinuity. So, they should do nothing. It is not surprising that the answer was hardly satisfying, and I did not regard it at such.16

From this experience, he concluded, “People want information, but the challenge for government is to warn without terrifying.”17

It is not clear why anyone should find his observation unsatisfying since it simply puts the terrorist threat in general and in personal context, suggesting that excessive alarm about the issue is scarcely called for. It is, one might suspect, exactly the kind of accurate, reassuring, adult, and non-terrifying information people have been yearning for. And it deals frontally with a key issue in risk assessment: evaluating the likelihood of a terrorist attack.

Treverton’s “RAND answer,” calmly (and accurately) detailing the likelihood of the terrorist hazard and putting it in reasonable context, has scarcely ever been duplicated by politicians and officials in charge of providing public safety. Instead the awkward problem of dealing with exceedingly low probabilities has been finessed — and questionable expenditures accordingly justified — by five stratagems that in various ways embrace a form of risk aversion that can be called “probability neglect.”

Focusing on Worst Case Scenarios

Cass Sunstein, who seems to have invented the phrase, “probability neglect,” assesses the version of the phenomena that comes into being when “emotions are intensely engaged.” Under that circumstance, he argues, “people’s attention is focused on the bad outcome itself, and they are inattentive to the fact that it is unlikely to occur.” Moreover, they are inclined to “demand a substantial governmental response — even if the magnitude of the risk does not warrant the response.”18 It may be this phenomenon that Treverton experienced.

Playing to this demand, government officials are inclined to focus on worst case scenarios, presumably in the knowledge, following Sunstein’s insight, that this can emotionally justify just about any expenditure no matter how unlikely the prospect the dire event will actually take place. Accordingly, there is a preoccupation with “low probability/high consequence” events such as the detonation of a sizeable nuclear device in midtown Manhattan even though the vast bulk of homeland security expenditures are focused on comparatively low consequence events like explosions set off by individual amateurs.

It is sometimes argued that conventional risk analysis breaks down under extreme conditions because the risk is now a very large number (losses) multiplied by a very small number (attack probability). However, it is not the risk analysis methodology that is at fault here, but our ability to use the information obtained from the analysis for decision-making. Analyst Bruce Schneier has written penetratingly of worst-case thinking. He points out that

[It] involves imagining the worst possible outcome and then acting as if it were a certainty. It substitutes imagination for thinking, speculation for risk analysis, and fear for reason. It fosters powerlessness and vulnerability and magnifies social paralysis. And it makes us more vulnerable to the effects of terrorism.19

It leads to bad decision making because

It’s only half of the cost-benefit equation. Every decision has costs and benefits, risks and rewards. By speculating about what can possibly go wrong, and then acting as if that is likely to happen, worst-case thinking focuses only on the extreme but improbable risks and does a poor job at assessing outcomes.20

It also assumes “that a proponent of an action must prove that the nightmare scenario is impossible,” and it “can be used to support any position or its opposite. If we build a nuclear power plant, it could melt down. If we don’t build it, we will run short of power and society will collapse into anarchy.” And worst, it “validates ignorance” because, “instead of focusing on what we know, it focuses on what we don’t know — and what we can imagine.” In the process “risk assessment is devalued” and “probabilistic thinking is repudiated in favor of “possibilistic thinking.”21

What is necessary is due consideration to the spectrum of threats, not simply the worst one imaginable, in order to properly understand, and to coherently deal with, the risks to people, institutions, and the economy. The relevant decision-makers are professionals, and it is not unreasonable to suggest that they should do so seriously. Notwithstanding political pressures, the fact that the public has difficulties with probabilities when emotions are involved does not relieve those in charge of the requirement, even the duty, to make decisions about the expenditures of vast quantities of public monies in a responsible manner.

Adding, Rather than Multiplying, the Probabilities

A second stratagem for neglecting probability that is sometimes applied at DHS is to devise a rating scale where probabilities of attack are added to the losses. Thus, as a Congressional Research Service analysis points out, to determine whether a potential target should be protected, DHS has frequently assessed the target’s vulnerability and the consequences of an attack on it on an 80 point scale and the likelihood it will be attacked on a 20 point ranked scale. It then adds these together.22 Thus, a vulnerable target whose destruction would be highly consequential would be protected even if the likelihood it will be attacked is zero, and a less consequential target could go unprotected even if the likelihood it will be attacked is 100 percent.

This procedure violates the principles espoused in all risk assessment techniques such as those codified in international risk management standards supported by twenty-six countries including the United States.23 In these risk is invariably taken to be a product in which the attack probability is multiplied by the losses, not added to them. Essentially, what often seems to be happening is that DHS has a pot of money to dole out, and it has worked out a method for determining which projects are most worthy while avoiding determining whether any of them are actually worth any money at all.

Assessing Relative, Rather than Absolute, Risk

A third technique, related to the second, is, as the CRS study points out, simply to rank relative risk while neglecting to determine the actual magnitude of the risk.24 The 2010 National Research Council study finds this approach to be wanting:

Risk management decisions seek to reduce risks in accordance with specified, absolute risk criteria for human health protection. Many of the risk analyses thus far conducted by DHS involve risk ranking, based on scales of presumed relative risks, and do not include attempts to provide absolute measures of risk.25

It may be true that New York is more likely to be struck by a terrorist than, say, Columbus, Ohio. But it is also more likely to be struck by a tsunami, and not only in Hollywood disaster thrillers. Before spending a lot of money protecting New York from a tsunami, we need to get some sort of sense about what the likelihood of that event actually is, not simply how the risk compares to that borne by other cities. And the same goes for terrorism.

Inflating the Importance of Potential Terrorist Targets

A fourth stratagem is to inflate the importance of potential terrorist targets. Thus, nearly half of American federal homeland security expenditure is devoted to protecting what the Department of Homeland Security and various presidential and Congressional reports and directives rather extravagantly call “critical infrastructure” and “key resources.”

Applying common sense English about what “critical infrastructure” could be taken to mean, it should be an empty category. If any element in the infrastructure is truly “critical” to the operation of the country, steps should be taken immediately to provide redundancies or backup systems so that it is no longer so. An official definition designates “critical infrastructure” to include “the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.”26 Yet vast sums of money are spent under the program to protect elements of the infrastructure whose incapacitation would scarcely be “debilitating” and would at most impose minor inconvenience and quite limited costs.

And the same essentially holds for what DHS designates as “key resources,” or formerly as “key assets.” These are defined to be those that are “essential to the minimal operations of the economy or government.”27 It is difficult to imagine what a terrorist group armed with anything less than a massive thermonuclear arsenal could do to hamper such “minimal operations.” The terrorist attacks of 9/11 were by far the most damaging in history, yet, even though several major commercial buildings were demolished, both the economy and government continued to function at considerably above the “minimal” level.

The very phrase, “homeland security,” contains aspects of a similar inflation in its suggestion that that essential security of the entire country is at stake. In Canada, the comparable department is labeled with more accuracy and less drama simply as “public safety.” Given the actually magnitude of the terrorist hazard, the homeland is, as it happens, really quite secure, though there may be justifiable concerns about the public’s safety under some conditions.

Inflating Terrorist Capacities

A final stratagem is to fail to assess, or massively to inflate, the capacities of the terrorists, and therefore by inference both the likelihood they will attack and the consequences of that attack. This is something that should be of absolutely key importance yet, in its big national infrastructure protection report of 2009, the DHS devotes only two paragraphs to describing the nature of the “terrorist adversary” — a designation that implies far more coordination among terrorists than experience suggests is valid.28 Moreover, none of this fleeting discussion shows any depth, and the report prefers instead to spew out adjectives like “relentless,” “patient,” and “flexible,” terms that scarcely characterize the vast majority of potential terrorists.

The report goes on to argue without qualification that the “terrorist adversary” not only “shows an understanding of the potential consequence of carefully planned attacks on economic, transportation, and symbolic targets,” but that it “seriously threatens national security, and could inflict mass casualties, weaken the economy, and damage public morale and confidence.” This too is a rather extravagant exaggeration of the threat most terrorists present.

The ultimate in such thinking — common during the administration of George W. Bush and continued more sporadically in the administration of his successor, Barack Obama — is to characterize the terrorist threat as “existential.” In 2008, Homeland Security Secretary Michael Chertoff even proclaimed the “struggle” against terrorism to be a “significant existential” one — carefully differentiating it, apparently, from all those insignificant existential struggles Americans have waged in the past.29 Rather amazingly, such extreme expressions, which if accepted as valid, can close off all judicious evaluation of the problem, have only rarely been called into question.

In stark contrast, Glenn Carle, a twenty-three-year veteran of the Central Intelligence Agency, where he was deputy national intelligence officer for transnational threats, has warned “We must not take fright at the specter our leaders have exaggerated. In fact, we must see jihadists for the small, lethal, disjointed and miserable opponents that they are.” Al-Qaeda “has only a handful of individuals capable of planning, organizing and leading a terrorist organization,” and although they have threatened attacks, “its capabilities are far inferior to its desires.”30

In evaluating al-Qaeda’s present capacity to inflict damage and its likelihood of doing so, a good place to start is with analyses provided by Marc Sageman.31 A former intelligence officer with experience in Afghanistan, Sageman has carefully and systematically combed through both open and classified data on jihadists and would-be jihadists around the world.

Al-Qaeda central, he concludes, consists of a cluster less than 150 actual people. Other estimates of the size of al-Qaeda central generally come in with numbers in the same order of magnitude as those suggested by Sageman.32 Sageman may be going too far when he argues “there is not much left of al-Qaeda except in the minds of those inside the beltway.”33 But that possibility should be included in the discussion at least as much as ones that confer on al-Qaeda capacities that are at once monumental and mounting.

Beyond the tiny band that constitutes al-Qaeda central, there are, continues Sageman, thousands of sympathizers and wouldbe jihadists spread around the globe who mainly connect in Internet chat rooms, engage in radicalizing conversations, and variously dare each other to actually do something.34 All of these rather hapless — perhaps even pathetic — people should of course be considered to be potentially dangerous. From time to time they may be able to coalesce enough to carry out acts of terrorist violence, and policing efforts to stop them before they can do so are certainly justified. But the notion that they present an existential threat to just about anybody seems at least as fanciful as some of their schemes.

By 2005, after years of well-funded sleuthing, the FBI and other investigative agencies noted in a report that they had been unable to uncover a single true al-Qaeda sleeper cell anywhere in the United States, a finding (or non-finding) publicly acknowledged two years later in a press conference and when the officer who drafted that year’s National Intelligence Estimate testified that “we do not see” al-Qaeda operatives functioning inside the United States.35 Indeed, they have been scarcely able to unearth anyone who might even be deemed to have a “connection” to the diabolical group.

It follows that any terrorism problem in the United States and the West principally derives from rather small numbers of homegrown people, often isolated from each other, who fantasize about performing dire deeds and sometimes receive a bit of training and inspiration overseas. Indeed, in testimony on January 11, 2007, Mueller stressed that his chief concern within the United States had become homegrown groups, a sentiment later endorsed by Obama’s Homeland Security Secretary Janet Napolitano in 2009.36

Assessing the threat from homegrown Islamist terrorists, Brian Jenkins stresses that their number is “tiny,” representing one out of every 30,000 Muslims in the United States. This “very low level” of recruitment finds very little support in the Muslim community at large: “they are not Mao’s guerrillas swimming in a friendly sea.” Given this situation, concludes Jenkins, what is to be anticipated is “tiny conspiracies, lone gunmen, one-off attacks rather than sustained terrorist campaigns.”37 In the meantime, note other researchers, Muslim extremists have been responsible for one fiftieth of one percent of the homicides committed in the United States since 9/11.38

Because terrorism of a considerably destructive nature can be perpetrated by a very small number of people, or even by a single individual, the fact that terrorists are few in number does not mean there is no problem, and from time to time some of these people may actually manage to do some harm, though in most cases their capacities and schemes — or alleged schemes — seem to be far less dangerous than initial press reports suggest.

The situation seems scarcely different in Europe and other Western locations. Political scientist Michael Kenney has interviewed dozens of officials and intelligence agents and analyzed court documents. He finds that, in sharp contrast with the boilerplate characterizations favored by the DHS, Islamic militants there are operationally unsophisticated, short on knowhow, prone to make mistakes, poor at planning, and limited in their capacity to learn.39 Another study documents the difficulties of network coordination that continually threaten operational unity, trust, cohesion, and the ability to act collectively.40

For several decades, the United States State Department collected data on international or transnational terrorism, defining the act as premeditated, politically motivated violence perpetrated by subnational groups or clandestine agents against noncombatant targets (civilians and military personnel who at the time of the incident are unarmed or not on duty) that involve citizens or the territory of more than one country.41 The number of people worldwide who died during the period as a result of all forms of transnational terrorism (Islamist or other) by this definition is 482 a year. Another study using comparable data for the longer period from 1968 to 2006 arrives at an average of 420 per year.42

Another approach is to focus on the kind of terrorism that really concerns people in the developed world by restricting the consideration to violence committed by Muslim extremists outside of war zones, whether that violence be perpetrated by domestic Islamist terrorists or by ones with international connections. Included in the count would be terrorism of the much publicized sort that occurred in Bali in 2002 and 2005, in Saudi Arabia, Morocco, and Turkey in 2003, in the Philippines, Madrid, and Egypt in 2004, and in London and Jordan in 2005. Three publications from think tanks have independently provided lists or tallies of such violence committed in the several years after the 9/11 attacks.43 The lists include not only attacks by al-Qaeda but also those by its imitators, enthusiasts, lookalikes, and wannabes, as well as ones by groups with no apparent connection to it whatever. Although these tallies make for grim reading, the total number of people killed in the years after 9/11 by Muslim extremists outside of war zones comes to some 200 to 300 per year. That, of course, is 200 to 300 too many, but it hardly suggests that the destructive capacities of the terrorists are monumental. For comparison, during the same period more people — 320 per year — drowned in bathtubs in the United States alone.44 Or there is another, rather unpleasant comparison. Increased delays and added costs at U.S. airports due to new security procedures provide incentive for many short-haul passengers to drive to their destination rather than flying, and, since driving is far riskier than air travel, the extra automobile traffic generated has been estimated in one study to result in 500 or more extra road fatalities per year.45

Evaluating Increases in Homeland Security Spending in the United States

In the end, one might darkly suspect, various versions of probability neglect are grasped because, if realistic probabilities that a given target would be struck by terrorists were multiplied into the risk calculation and if the costs of protection from unlikely threats were sensibly calculated following standard procedures, it would be found that vast amounts of money have been misspent.

Although measuring risk can be difficult, it is done as a matter of course in other areas including such highly charged ones as nuclear power plant accidents (where malevolent threats are explicitly considered), aviation safety, and environmental protection. Moreover, there is plenty of data on how much damage terrorists have been able to do over the decades and about how frequently they attack. Seen in reasonable context, both of these numbers are exceedingly small, at least outside of war zones.

The insurance industry has a distinct financial imperative to understand terrorism risks. In the immediate aftermath of the 9/11 attacks in which insured losses reached $35 billion, most insurance firms placed terrorism exclusions on their policies.46 Since then, however, the United States government implemented the Terrorism Risk Insurance Act to provide “a temporary window of reinsurance relief to help insurers manage the ongoing risk of terrorism.”47 With that, insurance firms re-entered the terrorism insurance market, and by 2009 the median terrorism insurance premium for a $303 million property had more than halved to only $9,541 per year.48 This represents a conservative measure of expected loss or risk, and a simple back-calculation in the risk equation suggests that the insurer estimates the likelihood of a terrorist attack on a property to be very low: less than one in thirty thousand per year.49 If the private sector can estimate terrorism risks and is willing to risk its own money on the validity of the estimate, why can’t the DHS?

It is certainly true that improbable disastrous events — like the 9/11 attacks — do sometimes transpire. That is, in fact, why we call them improbable as opposed to impossible. But because improbable events sometimes do take place does not mean that all improbable events therefore become probable. To avoid or to ignore this elemental consideration is to engage in faulty, even irrational, planning and decision-making.

A conventional approach to cost-effectiveness compares the costs of security measures with the benefits as tallied in lives saved and damages averted. A security measure is cost-effective when the benefit of the measure outweighs the costs of providing the security measures.


The benefit of a security measure is a function of three elements:

Benefit = (probability of a successful attack) × (losses sustained in the successful attack) ×
(reduction in risk)

In the matter at hand, where we are concerned with the cost-effectiveness of enhanced (post-9/11) security expenditures, the probability of a successful attack is the likelihood a successful terrorist attack will take place if no new security measures were put into place. As discussed earlier, terrorism, at least outside war zones, is very infrequent: it is a low-probability event.

The losses sustained in the successful attack include the fatalities and other damage — both direct and indirect — caused by the terrorist attack, taking into account the value and vulnerability of people and infrastructure as well as any psychological and political effects. A successful terrorist attack can inflict costs in the tens of millions of dollars. Exceptional attacks, like the one on 9/11, can cost $200 billion, and losses could conceivably reach five trillion dollars for the nightmare scenario of the detonation of a sizeable nuclear device in a densely populated area of a city.50

The third and final consideration in calculating the benefit of the security expenditures is the reduction in risk, which in this case concerns the effectiveness of the security measures to foil, deter, disrupt, or protect against a terrorist attack.51 That is, it is the degree to which new security measures reduce the likelihood of a successful terrorist attack and/or the losses sustained in such an attack.

In assessing risk reduction, it is important first to look at the effectiveness of homeland security measures that were in place before 9/11 in reducing risk. The 9/11 Commission’s report points to a number of failures, but it acknowledges as well that terrorism was already a high priority of the United States government before 9/11.52 More pointed is an observation of Michael Sheehan, former New York City Deputy Commissioner for Counterterrorism:

The most important work in protecting our country since 9/11 has been accomplished with the capacity that was in place when the event happened, not with any of the new capability bought since 9/11. I firmly believe that those huge budget increases have not significantly contributed to our post-9/11 security…. The big wins had little to do with the new programs.53

As this suggests, police and domestic intelligence agencies have long had in place procedures, techniques, trained personnel, and action plans to deal with bombs and shootings and those who plot them. Indeed, according to 9/11’s chief planner, Khalid Sheikh Mohammed, the greatest difficulty the plotters faced was getting their band of terrorists into the United States. It may be even more difficult now, but the strictures before already presented a considerable hurdle.54

There is another consideration. The tragic events of 9/11 massively heightened the awareness of the public to the threat of terrorism, resulting in extra vigilance that has often resulted in the arrest of terrorists or the foiling of terrorist attempts. Most dramatically, because airplane passengers have become much more attuned to suspicious or dodgy behavior of their fellow passengers, two terrorist attempts to blow up airliners have been foiled: the shoe bombing effort of 2001 and the underwear effort of 2009. Both were detected and restrained by crews and passengers, not by the many costly enhanced security measures put into place by the TSA. The same holds for the peddler in New York who reported the smoking vehicle bomb in Times Square in 2010. Indeed, tip-offs have been key to prosecutions in many of the terrorism cases in the United States since 9/11. Importantly, the inspiration of extra vigilance comes at no cost to the taxpayer.

In our analysis we will assume that risk reduction caused by the security measures in place before 9/11 and by the extra vigilance of the public after that event reduced risk by 50 percent. This is an exceedingly conservative estimate not only because of Sheehan’s observation, but because security measures that are at once effective and relatively inexpensive are generally the first to be implemented — for example, one erects warning signs on a potentially dangerous curve in the road before rebuilding the highway. Furthermore, most terrorists (or would-be terrorists) do not show much intelligence, cleverness, resourcefulness, or initiative, and therefore measures to deal with them are relatively inexpensive and are likely to be instituted first. Dealing with the smarter and more capable terrorists is more difficult and expensive, but these people represent, it certainly appears, a decided minority among terrorists.

In addition, we will assume that the increase in US expenditures on homeland security since 2001 has been dramatically effective, reducing the remaining risk by an additional 45 percent. Total risk reduction, then is generously assumed to be 95 percent with the pre-existing measures and the extra public vigilance responsible for 50 percent of the risk reduction and the enhanced expenditures responsible for the remaining 45 percent.


As indicated, benefits are a multiplicative composite of three considerations: the probability of a successful attack, the losses sustained in a successful attack, and the reduction in risk furnished by security measures. This product, the benefit, is then compared to the cost of the security measures instituted to attain the benefit.

For the purposes of this analysis, we assess only the costs of increased government expenditures on homeland security after the 9/11 attacks. That is, we assume homeland security measures in place before the attacks continue, and we evaluate the additional funds that have been allocated to homeland security, almost all of it designed, of course, to deal with terrorism, the only hazard that notably inspired increased alarm after the attacks.

United States federal government spending on homeland security increased from $20.1 billion in 2001,55 to $75 billion in 2009.56 In all, federal government spending on homeland security for 2009 was $75 billion or $50 billion higher in 2010 dollars than in 2001, adjusting for inflation.57

To limit our focus to increases in expenditures by the federal government reported by the OMB would be a considerable restriction because this ignores the recently declassified national intelligence costs as well as state and local government outlays on homeland security. As shown in Table 1, we conservatively estimate enhanced intelligence expenditures since 9/11 devoted to domestic homeland security to be $15 billion in 2009. As the Table also indicates, enhanced outlays for state and local homeland security spending are approximately $10 billion per year.

The increase in annual federal government outlays, then, is $50 billion per year, and the addition of national intelligence and state and local homeland security outlays of $25 billion gives a total of $75 billion. We will use this figure, although it is a very conservative measure of the degree to which homeland security expenditures have risen since 9/11 because we do not include several other items totaling (far) more than $200 billion per year as tallied in Table 1. These include (1) private sector expenditures on homeland security related measures costing $10 billion per year; (2) terrorism risk insurance premiums of nearly $4 billion per year; (3) hidden and indirect costs or “dead weight losses” of implementing security-related regulations that amounted to at least $30 billion in lost output per year; (4) various opportunity costs including those attendant on the increase of 500 traffic fatalities per year due to increased delays and added costs at airports diverting many short-haul passengers to their cars instead valued at $3.2 billion, as well as other opportunity costs; and (5) the costs of the terror-related wars in Iraq and Afghanistan which reached $150 billion in 2009.


To summarize, our analysis for the United States applies these estimates and assumptions:

  1. We assume those security measures in place before 9/11 continue and that these, combined with the extra public vigilance induced by 9/11, reduce the likelihood of a successful terrorist attack or reduce the losses sustained in such an attack by 50 percent;
  2. We assume the enhanced security expenditures since 9/11 have successfully reduced the likelihood of a successful terrorist attack or have reduced the losses sustained in such an attack by a further 45 percent, leading to an overall risk reduction of 95 percent; and
  3. We include in our cost measure only enhanced local, state, and federal security expenditures and enhanced intelligence costs since 9/11 (totaling $75 billion per year), leaving out many other expenditures including those incurred by the private sector, opportunity costs, and the costs of the terror-related wars in Iraq and Afghanistan.

Table 2 puts this all together. It displays the benefit generated by enhanced security measures if they have been able to prevent or protect against an otherwise successful attack for a range of losses from a successful attack and for a range of annual attack probabilities.

Table 2. Net benefit in billions of dollars for US enhanced homeland security expenditures of
$75 billion per year assuming these have reduced risks by 45 percent
 Losses from a successful terrorist attack
Annual Probability of a successful attack in the absence of security expenditures$100 million$1 billion$5 billion$100 billion$200 billion$1 trillion$5 trillion
 9/11Nuclear PortNuclear
Grand Central
 Note: Each entry above represents the benefit-minus-cost result for each loss and for each attack probability. Entries that are positive would be considered to be cost-effective. A value of -75 denotes no benefit.
Break-Even Analysis
The number of otherwise successful attacks averted by security expenditures required for the enhanced expenditures to be cost-effective at several levels of loss—that is, for the security benefit of the expenditures to equal their costs
per year
per year
per year
per year
per year
in 6 years
in 30 years

1 One per year.

In the years since 2001 (or, for that matter, in those previous to it), al-Qaeda-like terrorists operating outside of war zones have generally inflicted less than $1 million in property damage and a limited number of fatalities in each successful attack. A monetary value of the destruction wreaked in attacks like that would be tens of millions of dollars.58 Something like that would probably have been the losses inflicted if the Times Square bomber of 2010 had carried out what seems to have been his mission, though possibly the damage could have been higher. Of late, a number of analysts and policy makers have suggested that these are the kind of attacks that are far the most likely. If a loss of $100 million — a high estimate for small successful attacks — is taken to be the approximate norm, Table 2 indicates in the first column that, even if the likelihood of such an attack were 100 percent per year without the security measures, the money spent to prevent or protect against them would not be worth it: the costs of security would outweigh the benefit of the security.

There is another way to look at this. If

Benefit = (probability of a successful attack) × (losses sustained in the successful attack) ×
(reduction in risk)

the same equation can be used in a break-even analysis to calculate how many attacks would have to take place to justify the expenditure. That is, thinking of the “benefit” as the cost of the security measure:

(probability of a successful attack) = security cost/[(losses sustained in the successful attack) × (reduction in risk)]

Thus for a successful terrorist attack in which the security cost in $75 billion, losses sustained are $100 million, and the reduction in risk is .45, the probability of a successful attack would need to be at least

(probability of a successful attack) > $75 billion/[$100 million × .45] = 1667 attacks per year

That is, in order for enhanced United States expenditures on homeland security to be deemed cost-effective under our approach — which substantially biases the consideration toward the opposite conclusion — they would have to deter, prevent, foil, or protect each year against 1,667 otherwise successful attacks something like the one attempted on Times Square in 2010, or more than four per day. The array of numbers at the bottom on Table 2 gives this quantity for a variety of loss levels. Even for attacks inflicting $1 billion in damage, the frequency would have to be about one every other day.

The losses from attacks like those of July 2005 in London would not exceed five billion dollars. For enhanced security measures to be cost-effective for attacks of that magnitude, their rate of occurrence without those enhanced measures would have had to exceed thirty per year.59 If we posit that such an attack is thwarted once per year (a conservative threat likelihood by any measure) the ratio of benefit to cost is a meager 0.03 meaning that spending $1 buys only three cents of benefits.60

For a terrorist attack, or set of attacks, that, like those of September 11, 2001, caused $200 billion dollars of destruction (something that has only occurred once in all of history), enhanced expenditures would be cost-effective only if that sort of attack would have occurred more than once a year without them. Moreover, it is not clear that other 9/11-like attacks would trigger the extreme economic reaction engendered by the original intensely shocking event — that is, the full costs of another 9/11 might not reach those sustained in the original event.

An extreme upper bound would be the detonation of a 10-kiloton nuclear device at New York’s Grand Central Terminal on a busy day, a nightmare scenario that might exact losses of up to $5 trillion. Enhanced homeland security expenditures would be cost-effective in this case only if, without them, such an extreme attack would have successfully been executed once every thirty years.61 The same, roughly, would hold for another extreme scenario, one in which the terrorist attack triggers an expensive war like the one in Iraq.62

There are extreme scenarios that can be taken to suggest that enhanced U.S. security expenditures could be cost-effective — the nightmare nuclear vision as well as the costly overreaction scenario. However, for those who find such outcomes dangerously likely, the policy response would logically be to spend on reducing the risk of nuclear terrorism in the one case and to develop strictures to overreaction in the other. The logical policy response would not be, for example, to spend tens of billions of dollars each year on protection measures.

In virtually all contexts, then, overall enhanced expenditures on homeland security in the United States fail to be cost-effective — spectacularly so in most instances — even in an analysis that very substantially biases the calculations in favor of the opposite conclusion. In consequence, a great deal of money appears to have been misspent and would have been far more productive — saved far more lives — if it had been expended in other ways.

We are not arguing that much of homeland security spending is wasteful because we believe there will be no more terrorist attacks. Like crime and vandalism, terrorism will always be a feature of life, and a condition of zero vulnerability is impossible to achieve. However, future attacks might not be as devastating as 9/11, as evidenced by the attacks on Western targets in the ten years since 9/11 that, although tragic, have claimed victims numbering in the tens to a few hundred — and none, certainly, have posed an existential threat. The frequency and severity of terrorist attacks are low, very low in fact, which makes the benefits of enhanced counterterrorism expenditures of a trillion dollars since 9/11 challenging, to say the least, to justify by any rational and accepted standard of cost-benefit analysis.

Our findings dealing with the total enhanced homeland security expenditures should not be taken to suggest that all security measures necessarily fail to be cost-effective: there may be specific measures that are cost-effective.63 But each should be subjected to the kind of risk analysis we have applied to the overall increases in expenditure.

Gauging the Impact of Counter-terrorism Measures on the Hazard

We have assessed the hazard terrorism poses under present conditions — which include, of course, the existence of counter-terrorism measures specifically designed to reduce that hazard. The analysis suggests that additional efforts to reduce its likelihood are scarcely justified.

It is possible, of course, that any relaxation in these measures will increase the terrorism hazard, that it is the counter-terrorism effort is the reason for the low hazard terrorism currently presents. However, in order for the terrorism risk to border on becoming “unacceptable” by established risk conventions — that is, to reach an annual fatality rate of one in 100,000 — the number of fatalities from all forms of terrorism in the U.S. would have to increase thirty-five-fold.64

Thus, to justify current counterterrorism efforts in this manner, one would need to establish, in the case of the United States, that the measures have successfully deterred, derailed, disrupted, or protected against attacks that would otherwise have resulted in the deaths of more than 3,000 people in the country every year, equivalent to experiencing attacks as devastating as those on 9/11 at least once a year or eighteen Oklahoma City bombings every year. Even if all the (mostly embryonic and in many cases moronic) terrorist plots exposed since 9/11 in the United States had been successfully carried out, their likely consequences would have been much lower. Indeed, as the earlier discussion indicates, the number of people killed by terrorists throughout the world outside (and sometimes within) war zones both before and after 2001 generally registers at far below that number.

A Future Increase in Terrorist Destruction?

We have been using “historical” data here, and these suggest the chances an American will perish at the hands of a terrorist is about one in 3.5 million per year.65 However, although there is no guarantee that the terrorism frequencies of the past will necessarily persist into the future, there seems to be little evidence terrorists are becoming any more destructive, particularly in the West. In fact, if anything, there seems to be a diminishing, not expanding, level of terrorist activity and destruction at least outside of war zones. As Andrew Mack concludes, there is “no evidence of any substantial increase in the fatality toll since data on both domestic and international terrorism began to be collected in 1998.” Indeed, the two datasets he examines that have statistics going back to that year both “reveal a decline in deaths from terrorism.”66

Moreover, as discussed earlier, according both to official and prominent academic accounts, the levels of violence likely to be committed by Islamic extremists within Western countries seems, if anything to be in decline. Fears about large, sophisticated attacks have been replaced by fears concerning tiny conspiracies, lone wolves, and one-off attackers.

Those who wish to discount such arguments and projections need to demonstrate why they think terrorists will suddenly get their act together and inflict massively increased violence, visiting savage discontinuities on the historical data series.67 Moreover, they should also restrain themselves from using historical data themselves to explain, for example, why attacks on New York are more likely than ones on Xenia, Ohio, or Perth, Australia.

Actually, a most common misjudgment has been to embrace extreme events as harbingers presaging a dire departure from historical patterns. In the months and then years after 9/11, as noted at the outset, it was almost universally assumed that the terrorist event was a harbinger rather than an aberration.68 There were similar reactions to Timothy McVeigh’s 1995 truck bomb attack in Oklahoma City as concerns about a repetition soared. And in 1996, shortly after the terrorist group Aum Shinrikyo set off deadly gas in a Tokyo subway station, one of terrorism studies’ top gurus, Walter Laqueur, assured the world that some terrorist groups “almost certainly” will use weapons of mass destruction “in the foreseeable future.”69 Presumably any future foreseeable in 1996 is now history, and Laqueur’s near “certainty” has yet to occur.

The Tradeoffs, Opportunity Costs

Risk reduction measures that produce little or no net benefit to society or produce it at a very high cost cannot be justified on rational life-safety and economic grounds — they are not only irresponsible, but, essentially, immoral. When we spend resources on regulations that save lives at a high cost, we forgo the opportunity to spend those same resources on regulations and processes that can save more lives at the same cost, or even at a lower one. Homeland security expenditure invested in a wide range of more cost-effective risk reduction programs like flood protection, vaccination and screening, vehicle and road safety, health care, and occupational health and safety would likely result in far more significant benefits to society.

For example, diverting a few percent of the nearly $10 billion per year spent on airline security could save many lives at a fraction of the cost if it were instead spent on such proven life savers as seat belts, bicycle helmets, tandem mass spectrometry screening programs, airbags, smoke alarms, and tornado shelters. A government obliged to allocate funds in a manner that best benefits society must explain why it is spending billions of dollars on security measures with very little proven benefit and why that policy is something other than a reckless waste of resources.

It may be useful in this light to put counterterrorism expenditures in broadest comparative context. A group of international experts assembled by Bjorn Lomborg applied cost-benefit thinking to a wide range of issues and found many in which the benefit is ten times greater than the cost and in which the number of lives saved is spectacular. According to these analysts, an investment of merely $2 billion could save over 1.5 million lives: one million child deaths could be averted by expanded immunization coverage while community-based nutrition programs could save another half a million. If a miserly $2 billion were redirected from the homeland security budget, the likelihood and consequences of such attacks would hardly change, but anywhere from 300 to 60,000 times more lives — albeit not necessarily American or Western ones — would be saved if the funds were instead spent on the risk reducing measures suggested by Lomberg and his associates.70

Political Realities

Politicians and bureaucrats do, of course, face considerable political pressure on the terrorism issue. In particular, they are fully wary of the fact that Jeffrey Rosen is on to something when he suggests that “we have come to believe that life is risk free and that, if something bad happens, there must be a government official to blame.”71

The dilemma is nicely parsed by James Fallows. He points out that “the political incentives here work only one way.” A politician who supports more extravagant counterterrorism measures “can never be proven wrong” because an absence of attacks shows that the “measures have lsquo;worked’,” while a new attack shows that we “must go farther still.” Conversely, a politician seeking to limit expenditure “can never be proven lsquo;right’” while “any future attack will always and forever be that politician’s lsquo;fault’.” Or in the words of Michael Sheehan, “No terrorism expert or government leader wants to appear soft on terrorism. It’s always safer to predict the worst; if nothing happens, the exaggerators are rarely held accountable for their nightmare scenarios.”72

In Friedman’s view, the problem is quite general not only in government and political agencies, but in associated think tanks: “the path of least resistance is to write about how to control a danger instead of evaluating its magnitude.” And, although such analysts “rarely take orders,” at the same time “few offer analyses that harms their benefactors.” It is a rare bureaucrat or expert, he contends, who “will voice opinions harmful to his organization or prospects for appointment, but even fewer will offer those opinions without being asked, and few policy-makers will ask.”73

Explaining Risk versus Stoking Fear

However, nothing in all this relieves politicians and bureaucrats of the fundamental responsibility of informing the public honestly and accurately of the risk that terrorism presents. Daniel Gardner notes that the failure of Bush administration “to put the risk in perspective was total.”74 That continues to be the case with the new one.

Instead, the emphasis has been on exacerbating fears. As Friedman aptly notes, “For questionable gains in preparedness, we spread paranoia” and facilitate the bureaucratically and politically appealing notion that “if the threat is everywhere, you must spend everywhere,” while developing and perpetrating the myth, or at least the impression, that the terrorists are omnipotent and omnipresent.75

Thus it was in 2003 that Homeland Security Secretary Tom Ridge divined that “extremists abroad are anticipating near term attacks that they believe will either rival, or exceed” those of 2001. And in 2004, Attorney General John Ashcroft, with FBI Director Robert Mueller at his side, announced that “credible intelligence from multiple sources indicates that al-Qaeda plans to attempt an attack on the United States in the next few months,” that its “specific intention” was to hit us “hard,” and that the “arrangements” for that attack were already 90 percent complete. (Oddly enough, Ashcroft fails to mention this memorable headline-grabbing episode in Never Again, his 2006 memoir of the period.) In 2003 Director Mueller reported that, although his agency had yet actually to identify an al-Qaeda cell in the U.S., such unidentified (or imagined) entities nonetheless presented “the greatest threat,” had “developed a support infrastructure” in the country, and had achieved both the “ability” and the “intent” to inflict “significant casualties in the U.S. with little warning.” In 2005, at a time when the FBI admitted it still had been unable to unearth a single true al-Qaeda cell, Mueller continued his dire I-think-therefore-they-are projections: “I remain very concerned about what we are not seeing,” he ominously ruminated.76 Needless to say, the media remained fully in step. Thus, on the fifth anniversary of 9/11, ABC’s Charles Gibson dutifully intoned, “Putting your child on a school bus or driving across a bridge or just going to the mall — each of these things is a small act of courage — and peril is a part of everyday life.”77

Terrorism induced fears can be debilitating. For one thing they can cause people routinely to adopt skittish, overly risk averse behavior, at least for a while, and this can much magnify the impact of the terrorist attack, particularly economically. That is, the problem is not that people are trampling each other in a rush to vacate New York or Washington, but rather that they may widely adopt other forms of defensive behavior, the cumulative costs of which can be considerable. As Cass Sunstein notes, “in the context of terrorism, fear is likely to make people reluctant to engage in certain activities, such as flying on airplanes and appearing in public places,” and “the resulting costs can be extremely high.”78

Yet, despite the importance to responsible policy of seeking to communicate risk and despite the costs of irresponsible fear-mongering, just about the only official who has ever openly put the threat presented by terrorism in some sort of context is New York’s Mayor Michael Bloomberg who, in 2007, pointed out that people should “get a life” and that they have a greater chance of being hit by lightning than of being struck by terrorism.79

Things are not much better in the media. There seemed to be a brief glimmer on the December 28, 2009, PBS NewsHour when Gwen Ifill, in introducing a segment on the then-recent underwear bomber’s attempt to down an airliner, actually happened to note that the number of terrorist incidents on American airliners over the previous decade was one for every 16.5 million flights.80 This interesting bit of information, however, was never brought up again either by Ifill or by the three terrorism experts she was interviewing. Nor, of course, did anyone think of suggesting that, at that rate, maybe the airlines are already safe enough.

In 2007, now-former CIA Director Tenet revealed on CBS’ 60 Minutes that his “operational intuition” was telling him that al-Qaeda had “infiltrated a second wave or a third wave into the United States at the time of 9/11,” though he added, “Can I prove it to you? No.” (One might think that aging members of that “wave” would have since had a great incentive to actually do something since the longer they linger, the greater the likelihood they will be exposed and caught.) And DHS Secretary Michael Chertoff informed us a few months later that his gut was telling him there’d be an attack during that summer. It would seem that when officials responsible for public safety issue fear-inducing proclamations based by their own admission on nothing, they should be held to account. Then in 2010, Napolitano joined in announcing that, although the likelihood of a large-scale organized attack was reduced, the continued danger of a small-scale disorganized attack meant that the terrorist threat was somehow now higher than at any time since 9/11. As Ian Lustick puts it, the government “can never make enough progress toward ‘protecting America’ to reassure Americans against the fears it is helping to stoke.”81

Political realities supply an understandable excuse for expending money, but not a valid one, and they do not relieve officials of the responsibility of seeking to expend public funds wisely. It is particularly important to do so with homeland security expenditures. They deal not with bridges to nowhere or with crop subsidies, but with public safety — or domestic tranquility — the central, fundamental reason for the existence of government in the first place. It is imperative that decisions be made sensibly and responsibly in this area. To be irrational with your own money may be to be foolhardy, to give in to guilty pleasure, or to wallow in caprice. But to be irrational with other people’s money, particularly where public safety is the issue, is to be irresponsible, to betray an essential trust. In the end, it becomes a dereliction of duty that cannot be justified by political pressure, bureaucratic constraints, or emotional drives.

Are Political Concerns Overwrought?

However, although political pressures may force actions and expenditures that are unwise, they usually do not precisely dictate the level of expenditure. Thus, although there are public demands to “do something” about terrorism, nothing in that demand specifically requires removing shoes in airport security lines, requiring passports to enter Canada, spreading bollards like dandelions, or making a huge number of buildings into forbidding fortresses.

The United Kingdom, which seems to face an internal threat from terrorism that is considerably greater than that for the United States, appears nonetheless to spend proportionately much less than half as much on homeland security, and the same holds for Canada and Australia. Yet politicians and bureaucrats there do not seem to suffer threats to their positions or other political problems because of it.82

As this might suggest, it is possible politicians and bureaucrats are overly fearful about the political consequences. It is often argued that there is a political imperative for public officials to “do something” (which usually means overreact) when a dramatic terrorist event takes place — “You can’t just not do anything.” However, history clearly demonstrates that overreaction is not necessarily required. Sometimes, in fact, leaders have been able to restrain their instinct to overreact. Even more important, restrained reaction — or even capitulation to terrorist acts — has often proved to be entirely acceptable politically. This is a particularly important issue because it certainly appears that avoiding overreaction is by far the most cost-effective counterterrorism measure.

Consider, for example, the two instances of terrorism that killed the most Americans before September 2001. Ronald Reagan’s response to the first of these, the suicide bombing in Lebanon in 1983 that resulted in the deaths of 241 American Marines, was to make a few speeches and eventually to pull the troops out. The venture seems to have had no negative impact on his reelection a few months later. The other was the December 1988 bombing of a Pan Am airliner over Lockerbie, Scotland, in which 187 Americans perished. Perhaps in part because this dramatic and tragic event took place after the elections of that year, the official response, beyond seeking to obtain compensation for the victims, was simply to apply meticulous police work in an effort to tag the culprits, a process that bore fruit only three years later and then only because of an unlikely bit of luck.83 But that cautious, even laid back, response proved to be entirely acceptable politically.

Similarly, after an unacceptable loss of American lives in Somalia in 1993, Bill Clinton responded by withdrawing the troops without noticeable negative impact on his 1996 reelection bid. Although Clinton reacted with (apparently counterproductive) military retaliations after the two U.S. embassies were bombed in Africa in 1998, his administration did not have a notable response to terrorist attacks on American targets in Saudi Arabia (Khobar Towers) in 1996 or to the bombing of the U.S.S. Cole in 2000, and these non-responses never caused it political pain. George W. Bush’s response to the anthrax attacks of 2001 did include a costly and wasteful stocking up of anthrax vaccine and enormous extra spending by the U.S. Post Office. However, beyond that, it was the same as Clinton’s had been to the terrorist attacks against the World Trade Center in 1993 and in Oklahoma City in 1995 and the same as the one applied in Spain when terrorist bombed trains there in 2004 or in Britain after attacks in 2005: the dedicated application of police work to try to apprehend the perpetrators. This approach proved to be entirely acceptable politically. Similarly, the Indian government was able to neglect popular demands for retaliatory attacks on Pakistan for the damage inflicted on Mumbai in 2008 by terrorists based there.84

Thus, despite short-term demands that some sort of action must be taken, experience suggests politicians can often successfully ride out this demand after the obligatory and essentially cost-free expressions of outrage are prominently issued.

It is true that few voters spend a great amount of time following the ins and outs of policy issues and even fewer are certifiable policy wonks. But they are grown-ups, and it is just possible they would respond reasonably to an adult conversation about terrorism. After all, Mayor Bloomberg’s “get a life” outburst in 2007 did not have negative consequences for him. He is still in office and, although he had some difficulties in his reelection two years later, his blunt comments about terrorism were not the cause.

There is also a tendency to assume that the outsized reaction to 9/11 will necessarily be repeated if there is another attack in the United States. However, London experienced a double hit in 2005: attacks on the underground two weeks apart (of which only the first was successful). But the politicians in charge survived. Also potentially relevant here is the fact that terrorist attacks on resort areas in Bali in 2002 had a far larger negative impact on tourism than did subsequent ones in 2005.

Interesting in this regard is the remarkably muted reaction of the American public (and media) to the 2009 shootings by a Muslim psychiatrist at Fort Hood, Texas, that killed thirteen and injured thirty more. Although this could be considered to an act of a deranged man, it is generally taken to be a case of Islamic terrorism, and it is by far the worst since 9/11 in the United States. Although obviously far less costly than the earlier terrorist event, it could have been taken to be the next step in a terrorist onslaught — something that Americans have long been ominously waiting for. However, it failed to generate much outrage or demand for an outsized response. Indeed, a year later it was scarcely remembered, as when the prominent journalist, James Fallows, mused about raising “the certainty that some day another terrorist attack will succeed” without noting that one had already taken place.85

Then in 2010, President Barack Obama rather candidly observed to Washington Post reporter Bob Woodward, “We can absorb a terrorist attack. We’ll do everything we can to prevent it, but even a 9/11, even the biggest attack ever … we absorbed it and we are stronger.”86 This may have been the first time any official acknowledged the issue in public, and Obama even used the unpleasant word “absorb” rather than the more politically correct “resilient.” Obama’s highly unconventional statement drew great attention in the press, but it hardly seems to have hurt the President’s effectiveness or approval ratings.

Terrorism can inspire self-destructive overreaction like no other hazard, and this can be massively costly — the two wars impelled or facilitated by 9/11 are only the most vivid examples. Indeed, the costs of overreaction can be far higher than those inflicted by the terrorists themselves — as they were even for 9/11, by far the most destructive terrorist act in history.87 Osama bin Laden has gloated over this phenomenon, claiming his goal is to bleed America into bankruptcy, something only the United States could do to itself.88

The notion that this is a problem seems to be dawning on people considering terrorism. In 2004, Stephen Flynn began an article by dramatically proclaiming that the United States is “living on borrowed time — and squandering it” and ending it with a warning about the “long, deadly struggle against terrorism.” He also admitted that he often labored under a sense of despair and dread and suggested that officials must assume that terrorists will “soon” launch attacks far more deadly and disruptive than those of 9/11.89 And late in the same year he contributed to an op-ed article vividly entitled “’Our Hair Is on Fire’,” declaring that al-Qaeda had both the ability and the intent to detonate a weapon of mass destruction in the United States and envisioning graves by the hundreds of thousands, the collapse of the economy, and “perhaps a fatal blow to our way of life.”90 However, by 2010, he was arguing that the greatest threat from terrorism “comes from what we would do to ourselves when we are spooked” and that is it this “that makes it an appealing tool for our adversaries.”91

And in early 2005, Richard Clarke, counterterrorism coordinator from the Clinton administration, issued a scenario that appeared in the Atlantic as a cover story in which he darkly envisioned shootings at casinos, campgrounds, theme parks, and malls in 2005, bombings in subways and railroads in 2006, missile attacks on airliners in 2007, and devastating cyber attacks in 2008.92 By 2010, however, he was advocating that “we should not adopt procedures that inconvenience the public more than they do the terrorists and amount to little more than security theater,” that “those who seek political gain from the murder of Americans” should be “regarded as despicable,” and that, should terrorists successfully attack again, we should “refine our tactics and procedures,” but “not overreact.” To do this, however, notes Clarke, would require “a good dose” of that oxymoronic commodity, “political courage.”93

The 2004 article in which Flynn proclaimed the United States to be “living on borrowed time — and squandering it” and warned about the “long, deadly struggle against terrorism” also includes something of a midcourse correction. In seeking to supply a standard for “how much security is enough,” he suggested that that happy moment would come about when “the American people can conclude that a future attack on U.S. soil will be an exceptional event that does not require wholesale changes in how they go about their lives.”94 It seems reasonable to suggest that they can do so right now — and, for that matter, could have done so in 2004.

About the Authors

<pJohn Mueller is professor of political science at Ohio State University.
He is the author of over a dozen books, several of which have won prizes.
Among the most recent:
The Remnants of War (2004), Overblown (2006), and Atomic Obsession: Nuclear Alarmism from Hiroshima to Al-Qaeda (2010).
He is also editor of
Terrorism Since 9/11: The American Cases published as a web book in 2011 by the Mershon Center at OSU,
He has published extensively in scholarly journals and general magazines and newspapers, is a member of the American Academy of Arts and Sciences, and has been a John Simon Guggenheim Fellow.
In 2009, Mueller received the International Studies Association’s Susan Strange Award as one “whose singular intellect, assertiveness, and insight most challenge conventional wisdom and intellectual and organizational complacency in the international studies community.”
For more information or to contact John Mueller, please go to

Mark G. Stewart is professor of civil engineering and director of the Centre for Infrastructure Performance and Reliability at the University of Newcastle in Australia.
He is the lead author of
Probabilistic Risk Assessment of Engineering Systems (Chapman & Hall, 1997), as well as more than 300 technical papers and reports.
He has more than twenty-five years of experience in probabilistic risk assessment of infrastructure systems that are subject to man-made and natural hazards.
Since 2004, Stewart has received extensive Australian Research Council support to develop probabilistic terrorism risk-modeling techniques for buildings subject to explosive blasts and cost-benefit assessments of counterterrorism protective measures for critical infrastructure.
In 2011, he received a five-year Australian Professorial Fellowship from the ARC to continue and to extend that work.
For more information or to contact Mark Stewart, please go to

For additional and wider-ranging assessments of the issues raised and the approaches used in this article, see John Mueller and Mark G. Stewart, Terror, Security and Money: Balancing the Risks, Benefits, and Costs of Homeland Security (New York and Oxford, UK: Oxford University Press, forthcoming in early September 2011).
More information available at

  1. Howard Kunreuther, “Risk Analysis and Risk Management in an Uncertain World,” Risk Analysis 22, no. 4 (August 2002): 662-63. See also John Mueller, “Some Reflections on What, if Anything, lsquo;Are We Safer?’ Might Mean,”, 11 September 2006,
  2. Bill Gertz, “5,000 in U.S. Suspected of Ties to al Qaeda; Groups Nationwide Under Surveillance,” Washington Times, July 11, 2002; Richard Sale, “US al Qaida Cells Attacked,” UPI, October 31, 2002.
  3. Rudy Giuliani, interviewed on CNN, July 22, 2005.
  4. Veronique de Rugy, “The Economics of Homeland Security,” in Terrorizing Ourselves: Why U.S. Counterterrorism Policy Is Failing and How To Fix It, eds. Benjamin H. Friedman, Jim Harper, and Christopher A. Preble (Washington, DC: Cato Institute, 2010), 123.
  5. As he put it mockingly in a videotaped message in 2004, it is “easy for us to provoke and bait… All that we have to do is to send two mujahidin… to raise a piece of cloth on which is written al-Qaeda in order to make the generals race there to cause America to suffer human, economic, and political losses.” He proclaimed his policy is one of “bleeding America to the point of bankruptcy,” triumphally pointing to the fact that the 9/11 terrorist attacks cost al-Qaeda $500,000 while the attack and its aftermath inflicted, he claims, “a cost of more than $500 billion on the United States” (Full transcript of bin Laden’s speech,, October 30, 2004). However this was not his original idea. Initially, he apparently expected that the United States would essentially under react to the 9/11 attacks. Impressed, in particular, with the American reaction to rather small losses in Lebanon in 1983 and in Somalia in 1993, he appears to have believed that the country would respond to an attack on itself by withdrawing from the Middle East (Lawrence Wright, The Looming Tower: Al-Qaeda and the Road to 9/11 (New York: Knopf, 2006), 174, 200). Bin Ladin reformulated his theory after it was blown to shreds when the United States and its allies not only forced al-Qaeda out of its base in Afghanistan and captured or killed many of its main people, but also toppled the accommodating Taliban regime there.
  6. Thomas H. Kean, Chair, The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States (Washington, DC: U.S. Government Printing Office, 2004), 391, 396
  7. Matt A. Mayer, Homeland Security and Federalism: Protecting America from Outside the Beltway (Santa Barbara, CA: ABCCLIO, 2009), 62.
  8. Troy Anderson, “Terror May Be at Bay at Port; Shipping Hubs Too Vulnerable,” The Daily News of Los Angeles, May 18,2006.
  9. James A. Thomson, “DHS AWOL? Tough Questions About Homeland Security Have Gone Missing,” RAND Review, (Spring 2007).
  10. Todd Masse, Siobhan O’Neil, and John Rollins, The Department of Homeland Security’s Risk Assessment Methodology: Evolution, Issues, and Options for Congress (Washington, DC: Congressional Research Service, 2 February 2, 2007), 14.
  11. National Research Council of the National Academies, Review of the Department of Homeland Security’s Approach to Risk Analysis (Washington, DC: National Academies Press, 2010), 108.
  12. Transportation Security Administration, “DHS Announces Security Standards for Freight and Passenger Rail Systems,” Press Release, November 13, 2008.
  13. Steve Lord, Aviation Security: TSA is Increasing Procurement and Deployment of the Advanced Imaging Technology, but Challenges to This Effort and Areas of Aviation Security Remain (United States Government Accountability Office, GAO10484T, March 17, 2010), 5. For our risk assessment of the scanners, concluding that they are unlikely to be cost-effective, see John Mueller and Mark G. Stewart, Terror, Security, and Money: Balancing the Risks, Benefits, and Costs of Homeland Security (New York: Oxford University Press, forthcoming 2011), chap. 7; and Mark G. Stewart and John Mueller, “Risk and CostBenefit Analysis of Advanced Imaging Technology Full Body Scanners for Airline Passenger Security Screening,” Journal of Homeland Security and Emergency Management 8, no. 1, Article 30 (2011).
  14. United States Government Accountability Office, Report to Congressional Requesters: Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers, GAO-10-12 (Washington, DC: Government Printing Office, October 2009). See, however, Susan E. Martonosi, David S. Ortiz, and Henry H. Willis, Evaluating the Viability of 100 Percent Container Inspection at America’s Ports (Santa Monica, CA: RAND Corporation, 2004).
  15. National Research Council, Review of DHS Approach to Risk Analysis.
  16. Gregory F. Treverton, Intelligence for an Age of Terror (New York: Cambridge University Press, 2009), 24-25.
  17. Ibid, 188.
  18. Cass R. Sunstein, “Terrorism and Probability Neglect,” Journal of Risk and Uncertainty 26, no. 2/3 (MarchMay, 2003): 122.
  19. Bruce Schneier, “Worst-Case Thinking,”, May 13, 2010.
  20. Ibid.
  21. Ibid.
  22. Masse et al., DHS Risk Assessment Methodology, 6.
  23. Such as the International Organization for Standardization standard, ISO 31000-2009, Risk Management – Principles and Guidelines (ISO 31000-2009, AS4360-2004 Geneva, Switzerland, 2009).
  24. Masse et al., DHS Risk Assessment Methodology, 15.
  25. National Research Council, Review of DHS Approach to Risk Analysis, 137, emphasis in the original.
  26. Office of Management and Budget, Analytical Perspectives, Budget of the United States Government, Fiscal Year 2011 (Washington, DC: 2011), 381.
  27. Department of Homeland Security, National Infrastructure Protection Plan: Partnering to Enhance Protection and Resiliency (Washington, DC: Department of Homeland Security, 2009), 15n.
  28. Ibid., 11.
  29. Shane Harris and Stuart Taylor Jr., “Homeland Security Chief Looks Back, and Forward,”, March 17, 2008.
  30. Glenn L. Carle, “Overstating Our Fears,” Washington Post, July 13, 2008; see also Marc Sageman, Leaderless Jihad (Philadelphia: University of Pennsylvania Press, 2008) and Fawaz Gerges, “Word on the Street,” (Summer 2008): 69-76.
  31. This discussion stems from Sageman, Leaderless Jihad, from conversations with Sageman, and from a talk on the book he gave in Washington as televised on CSPAN in early 2008 (ably summarized in David Ignatius, “The Fading Jihadists,” Washington Post, February 28, 2008).
  32. Lawrence Wright, “The Rebellion Within,” New Yorker, June 2, 2008. See also Fareed Zakaria, “Post 9/11, We’re Safer Than We Think,” Washington Post, September 13, 2010.
  33. Kevin Johnson, “Weakened al-Qaeda is Still a Threat,” USA Today, September 8, 2009.
  34. On this point, see also Bruce Hoffman, Inside Terrorism, rev. ed. (New York: Columbia University Press, 2006), 271-72.
  35. 2005 report: Brian Ross, “Secret FBI Report Questions Al Qaeda Capabilities: No ‘True’ Al Qaeda Sleeper Agents Have Been Found in U.S.,” ABC News, March 9, 2005. Press conference: Michael Isikoff and Mark Hosenball, “The Flip Side of the NIE,”, August 15, 2007. Officer: Bill Gertz, “Al Qaeda Seen In Search of Nukes: Defense Official Warns U.S. Still Group’s Target,” Washington Times, July 26, 2007.
  36. Testimony by Mueller can be found through Napolitano: Spencer S. Hsu, “Homeland Security chief warns of threat from al-Qaeda sympathizers in U.S.,” Washington Post, December 3, 2009.
  37. Brian Jenkins, Would Be Warriors: Incidents of Jihadist Terrorist Radicalization in the United States Since September 11, 2001 (Santa Monica, CA: RAND Corporation, 2010), 4 (tiny), 5 (Mao), 13 (one-off).
  38. David Schanzer, Charles Kurzman, and Ebrahim Mooza, Anti-Terror Lessons of Muslim-Americans (North Carolina: Triangle Center on Terrorism and Homeland Security, January 6, 2010).
  39. Michael Kenney, “lsquo;Dumb’ Yet Deadly: Local Knowledge and Poor Tradecraft Among Islamist Militants in Britain and Spain,” Studies in Conflict & Terrorism 33, no. 10 (2010): 122. To demonstrate how we face “a thinking enemy that is constantly adapting to defeat our countermeasures” former deputy secretary of homeland security James Loy argues that when cockpit doors were hardened to prevent hijackings, the terrorists moved to shoe bombs to “penetrate our defenses” (“Al-Qaeda’s undimmed threat,” Washington Post, November 7, 2010). However, the hardened doors (which anyway were not much in place in late 2001 when the shoe bomber made his move) were in no sense a defense against bombings, only, as Loy admits, against hijacking. Similarly, Loy’s contention that terrorists “nearly succeeded in blowing up seven planes crossing the Atlantic” is simply preposterous. The terrorist group was under constant police surveillance and could be closed down at any time, and it was nowhere near having sufficient materials, personnel, effective bombs, or, for many of the conspirators, passports that would have allowed them to board the planes. John Mueller, ed., Terrorism since 9/11: The American Cases (Columbus: Mershon Center, Ohio State University, 2011).
  40. Mette Eilstrup-Sangiovanni and Calvert Jones, “Assessing the Dangers of Illicit Networks,” International Security, (Fall 2009).
  41. After 2003, the State Department changed its definitions so that much domestic terrorism — including much of what is happening in the war in Iraq — is now included in its terrorism count (see National Counterterrorism Center, Report on Incidents of Terrorism 2005, April 11, 2006, ii-iii). Current numbers, therefore, are not comparable to earlier ones. However, when terrorism becomes really extensive in an area we generally no longer call it terrorism, but rather war or insurgency. Thus, the Irish Republican Army was generally taken to be a terrorist enterprise, while fighters in Algeria or Sri Lanka in the 1990s were considered to be combatants who were employing guerrilla techniques in a civil war situation — even though some of them came from, or were substantially aided by, people from outside the country. Insurgents and guerrilla combatants usually rely on the hit-and-run tactics employed by the terrorist, and the difference between terrorism and such wars is not in the method, but in the frequency with which it is employed. Without this distinction, much civil warfare (certainly including the decade-long conflict in Algeria in the 1990s in which perhaps 100,000 people perished) would have to be included in the “terrorist” category. That is, with the revised definition, a huge number of violent endeavors that have normally been called “wars” would have to be recategorized. Indeed, the concept of civil war might have to be retired almost entirely. For more on the distinction, see John Mueller, The Remnants of War (Ithaca, NY: Cornell University Press, 2004), 18-20.
  42. Todd Sandler, Daniel G. Arce, and Walter Enders, “Transnational Terrorism,” in Global Crises, Global Solutions, ed. Bjorn Lomborg (Cambridge, U.K.: Cambridge University Press, 2009), 524.
  43. Anthony H. Cordesman, The Challenge of Biological Weapons (Washington, DC: Center for Strategic and International Studies, 2005), 29-31, tallies “major attacks by Islamists” outside of Iraq: 830 fatalities for the period April 2002 through July 2005; we have corrected the total for the 2005 London bombings, given as 100 in this source, to 52. Brian Michael Jenkins, Unconquerable Nation: Knowing Our Enemy and Strengthening Ourselves (Santa Monica, CA: RAND Corporation, 2006), 17984, tallies “major terrorist attacks worldwide” by “jihadist extremists” outside Afghanistan, Iraq, Israel, Palestine, Algeria, Russia, and Kashmir: 1129 fatalities for the period October 2001 through April 2006. “Jihadi Attack Kill Statistics,” IntelCenter, August 17, 2007 (, 11, tallies “most significant attacks executed by core al-Qaeda, regional arms and affiliate groups excluding operations in insurgency theaters”: 1,632 fatalities for the period January 2002 through July 2007.
  44. John Stossel, Give Me a Break (New York: HarperCollins, 2004), 77.
  45. Garrick Blalock, Vrinda Kadiyali, and Daniel H. Simon, “The Impact of Post9/11 Airport Security Measures on the Demand for Air Travel,” Journal of Law and Economics 50, no. 4 (November 2007): 731-55.
  46. Webel Baird, Terrorism Risk Insurance: An Overview, CRS Report for Congress (Washington, DC: Congressional Research Service, April 11, 2005), 1.
  47. “MarketWatch: Terrorism Insurance” (London: Marsh Inc., 2005). Governments in the United Kingdom, continental Europe, Australia, South Africa, India, and elsewhere enacted similar terrorism reinsurance schemes. “Terrorism Insurance Update” (London: Marsh Inc., June 2004).
  48. Based on a survey of 1,382 firms in the United States. See The Marsh Report: Terrorism Risk Insurance 2010 (London: Marsh Inc., 2010), 16.
  49. $9,541 divided by $303 million, or 0.003%.
  50. For details, see Mueller and Stewart, Terror, Security, and Money, chap. 3.
  51. System modeling and reliability techniques exist to calculate risk reductions for any system (see Mark G. Stewart and Robert E. Melchers, Probabilistic Risk Assessment of Engineering Systems (London: Chapman & Hall, 1997) and Mark G. Stewart, “Risk-Informed Decision Support for Assessing the Costs and Benefits of Counter-Terrorism Protective Measures for Infrastructure,” International Journal of Critical Infrastructure Protection 3. No. 1 (2010): 29-40.) While there are many advantages to probabilistic and reliability analyses for calculating risk reductions, they are not always appropriate, particularly for the lsquo;new hazard’ of terrorism. Hence, as is the case with any risk analysis of a complex system, information about risk reductions may be inferred from expert opinions, scenario analysis, statistical analysis of prior performance data, on system modeling as well as from probabilistic and reliability analysis. The discussion to follow draws on all these aspects to arrive at quantifiable risk reductions.
  52. Kean, 9/11 Commission Report, 108. On this issue, see also Benjamin H. Friedman, “Perception and power in counterterrorism: Assessing the American response to Al Qaeda before September 11,” in American Foreign Policy and the Politics of Fear: Threat Inflation since 9/11, Trevor Thrall and Jane K. Cramer, eds. (London and New York: Routledge, 2009), 210-229.
  53. Michael A. Sheehan, Crush the Cell: How to Defeat Terrorism Without Terrorizing Ourselves (New York: Crown, 2008), 263.
  54. Terry McDermott, “The Mastermind: Khalid Sheikh Mohammed and the making of 9/11,” New Yorker, September 13, 2010.
  55. Bart Hobijn and Erick Sager, “What Has Homeland Security Cost? An Assessment: 2001-2005,” Current Issues in Economics and Finance 13, no. 2 (Federal Reserve Bank of New York, 2007): 17.
  56. Office of Management and Budget, Analytical Perspectives 2010,, 379. FY2009 is the most recent year where actual expenditures, as opposed to budget requests, are known. The federal budget includes expenditure from aviation security fees and other fee-funded homeland security programs.
  57. Actual expenditures for FY2010 and FY2011 not known at this time.
  58. For a full analysis of such calculations, see Mueller and Stewart, Terror, Security, and Money, chap. 2-3.
  59. 75 billion dollars divided by risk reduction (45 percent) divided by 5 billion dollars.
  60. The ratio of benefit to cost is equal to (attack probability) x (losses) x (risk reduction) / (security cost)
  61. Interesting in this respect is Vice President Dick Cheney’s “one-percent doctrine.” When a top CIA analyst told him in 2001 that al-Qaeda probably didn’t have a nuclear weapon, but that he couldn’t “assure you that they don’t,” Cheney replied, “If there’s a one percent chance that they do, you have to pursue it as if it were true.” (George Tenet and Bill Harlow, At the Center of the Storm: My Years at the CIA (New York: HarperCollins, 2007), 264.) Table 2 suggests in the last column, however, that there would have to be at least a 3.3 percent yearly chance that al-Qaeda not only had a nuclear weapon but that, in addition, it possessed the capacity to set one off in a key place in a crowded American city. Under that circumstance enhanced homeland security expenditures would be deemed cost-effective.
  62. On the costs of the Iraq War, see Joseph E. Stiglitz and Linda J. Bilmes, The Three Trillion Dollar War: The True Cost of the Iraq Conflict (New York: Norton, 2008).
  63. For efforts to do so for various protective measures, see Mueller and Stewart, Terror, Security, and Money, chap. 5-7. It appears that the protection of a standard office-type building would be cost-effective only if the likelihood of a sizable terrorist attack on the building is a thousand times greater than it is at present. Something similar holds for the protection of bridges: Stewart, “Risk-Informed Decision Support.” On the other hand, hardening cockpit doors may be cost-effective, though the provision for air marshals on the planes decidedly is not: Mark G. Stewart and John Mueller, “A Risk and Cost-Benefit and Assessment of U.S. Aviation Security Measures,” Journal of Transportation Security 1, no. 3 (2008): 143-159. The cost-effectiveness of full-body scanners is questionable at best: Mueller and Stewart, Terror, Security, and Money, chap. 7; Stewart and Mueller, “Risk and Cost-Benefit Analysis.”
  64. For a fuller discussion of this point, see John Mueller and Mark G. Stewart, “Hardly Existential: Thinking Rationally About Terrorism,”, April 2, 2010; Mueller and Stewart, Terror, Security, and Money, chap. 2.
  65. “Global Terrorism Database 1970-2007,” Mueller and Stewart, Terror, Security and Money, chap. 2.
  66. Andrew Mack, “Dying to Lose: Explaining the Decline in Global Terrorism,” in Human Security Brief 2007 (Vancouver, BC: Human Security Report Project, School for International Studies, Simon Fraser University, 2008), 821.
  67. On the unlikelihood of atomic terrorism, see John Mueller, Atomic Obsession: Nuclear Alarmism from Hiroshima to Al-Qaeda (New York: Oxford University Press, 2010), chap. 12-15. See also Brian Michael Jenkins, Will Terrorists Go Nuclear? (Amherst, NY: Prometheus, 2008).
  68. For rare, perhaps unique, exceptions, see John Mueller, “Harbinger or Aberration? A 9/11 Provocation,” National Interest (Fall 2002): 45-50, and Russell Seitz, “Weaker Than We Think,” American Conservative 6 (December 2004).
  69. Walter Laqueur, “Postmodern Terrorism: New Rules for an Old Game,” Foreign Affairs (September/October, 1996). For a lively discussion of expert prediction, see Dan Gardner, Future Babble (New York: Dutton, 2011).
  70. Bjorn Lomborg, Global Crises, Global Solutions (Cambridge, U.K.: Cambridge University Press, 2009). See also Mueller and Stewart, Terror, Security and Money, chap. 9; Tammy O. Tengs and John D. Graham, “The Opportunity Costs of Haphazard Social Investments”, in Life-Saving, Risks, Costs, and Lives Saved: Getting Better Results from Regulation, R. W. Hahn, ed. (Washington, DC: American Enterprise Institute, 1996), 167-182.
  71. Jeffrey Rosen, “ManMade Disaster,” New Republic, December 24, 2008.
  72. James Fallows, “If the TSA Were Running New York,”, May 2010; Sheehan, Crush the Cell, 7.
  73. Benjamin H. Friedman, “The Terrible lsquo;Ifs.’” Regulation (Winter 2008): 39.
  74. Daniel Gardner, The Science of Fear: Why We Fear the Things We Shouldn’t — and Put Ourselves in Greater Danger (New York: Dutton, 2008), 262.
  75. Benjamin Friedman, “Leap Before You Look: The Failure of Homeland Security,” Breakthroughs (Spring 2004): 33.
  76. Mueller and Stewart, Terror, Money, and Security, chap. 9.
  77. On the media, see John Mueller, Overblown: How Politicians and the Terrorism Industry Inflate National Security Threats, and Why We Believe Them (New York: Free Press, 2006), 39-41; Gardner, The Science of Fear, chap. 8.
  78. Sunstein, “Terrorism and Probability Neglect,” 132.
  79. Sewell Chan, “Buzz Over Mayor’s lsquo;Get a Life’ Remark,”, June 6, 2007.
  80. We calculate that, for the world at large, one airplane flight in 20 million was hijacked or attacked by terrorists in the period from 1999 to 2008.
  81. Tenet: 60 Minutes, CBS, April 29, 2007. Tenet’s assertion is strongly contradicted by the testimony of the chief 9/11 planner: “Substitution for the Testimony of Khalid Sheikh Mohammed,” Chertoff: E. A. Torriero, “U.S. security chief warns of rising risk: Chertoff cites worry over summer attack,” Chicago Tribune, July 11, 2007. Napolitano: Richard A. Serrano, “U.S. Faces ‘Heightened’ Threat Level,” Los Angeles Times, February 10, 2011. Ian Lustick, Trapped in the War on Terror (Philadelphia, PA: University of Pennsylvania Press, 2006), 97.
  82. Mueller and Stewart, Terror, Security, and Money, chap. 4.
  83. Jeffrey D. Simon, The Terrorist Trap: America’s Experience with Terrorism, 2nd ed. (Bloomington, IN: Indiana University Press, 2001), 227-34.
  84. On Canada’s notably measured reaction to the 1985 bombing of the Air India airliner that flew out of Toronto, mostly killing Canadian citizens, see Gwynne Dyer, “The International Terrorist Conspiracy,”, June 3, 2006
  85. James Fallows, “The Evolution of the TSA,”, December 8, 2010. Emphasis in the original.
  86. Steve Luxenberg, “Bob Woodward book details Obama battles with advisers over exit plan for Afghan war,” Washington Post, September 22, 2010.
  87. Mueller, Overblown, chap. 2.
  88. See note 5.
  89. Stephen Flynn, “The Neglected Home Front,” Foreign Affairs (September/October 2004): 20, 33.
  90. Warren Rudman, Gary Hart, Leslie H. Gelb, and Stephen Flynn, “lsquo;Our Hair Is on Fire’,” Wall Street Journal, December 16, 2004.
  91. Stephen Flynn, “5 Myths About Keeping America Safe from Terrorism,” Washington Post, January 3, 2010.
  92. Richard A. Clarke, “Ten Years Later,” Atlantic (January/February 2005), 61-77.
  93. Richard A. Clarke, “The Times Square bomb failed. What will we do when the next bomb works?” Washington Post, May 9, 2010. On security theater, see especially Bruce Schneier, Beyond Fear: Thinking Sensibly About Security in an Uncertain World (New York: Copernicus, 2003).
  94. Flynn, “The Neglected Home Front,” 27.

This article was originally published at the URLs and

Copyright © 2011 by the author(s). Homeland Security Affairs is an academic journal available free of charge to individuals and institutions. Because the purpose of this publication is the widest possible dissemination of knowledge, copies of this journal and the articles contained herein may be printed or downloaded and redistributed for personal, research or educational purposes free of charge and without permission. Any commercial use of Homeland Security Affairs or the articles published herein is expressly prohibited without the written consent of the copyright holder. The copyright of all articles published in Homeland Security Affairs rests with the author(s) of the article. Homeland Security Affairs is the online journal of the Naval Postgraduate School Center for Homeland Defense and Security (CHDS).

3 thoughts on “Balancing the Risks, Benefits, and Costs of Homeland Security”

  1. Are we safer today after spending billions on homeland security? I don’t think so, as this country continues to deteriorate from within. The funding that went to support this ‘valuable’ research and the entire DHS enterprise are part of the rotten and absurd windfall from the 9-11 attacks. We spend billions defending against terrorists abroad while American children become ever more mentally, physically and spiritually disabled. We need a change in priorities.

  2. An analysis based solely on finances fails to see the bigger picture. You can’t put a dollar value on a human life. Ask anybody who has recently lost a loved one if they would spend a million, or a billion, or a trillion dollars to get them back, they would say yes.

  3. At one point the author indicates there are only 150 capable al-qaeda operatives. He lost all credibility well before, but this sealed the deal.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top